I use CCR devices for a CAPsMAN manager forwarding-based setup, i.e. not only is the management done by CAPsMAN, but the traffic is also forwarded over the CAPWAP tunnel between the CAPsMAN controller and the cAP access points. Recently I added a lot of additional datapaths. It's time to think over the setup, especially the datapaths, the bridges and the VLANs being used, i.e. there are some questions I have concerning the correct use of bridges in that setup. Perhaps you could add your opinion:
VLAN 10 for client traffic, statically set on datapath - The PVID for the corresponding bridge itself stays on "1" and not on "1000", right?
Local DHCP-server on the CCR for VLAN 10
add admin-mac=B8:69:F4:32:76:1E auto-mac=no frame-types=\
admit-only-vlan-tagged igmp-snooping=yes igmp-version=3 \
ingress-filtering=yes mld-version=2 name=bridge-for-caps \
add name=dhcp_pool5 ranges=10.80.0.1-10.80.0.239,10.80.0.241-10.80.255.254
An EoIP tunnel for a second SSID, traffic from that SSID should be forwarded directly to that tunnel - The traffic will be forwarded untagged through the tunnel. Do I need an additional VLAN for this on /interface vlan?
add address-pool=dhcp_pool5 disabled=no interface=vlan10 lease-time=1d \
add local-address=184.108.40.206 loop-protect=on mac-address=02:05:86:5A:1A:B8 \
mtu=1500 name=eoip-tunnel remote-address=\
VLANs for the uplink, the clients on VLAN10 (1st SSID), the clients for the EoIP tunnel (2nd SSID)
2 datapaths for 2 SSIDs - Do I need that "vlan-id=12" for the "datapath-eoip-clients"?
add interface=bridge-for-eoip-clients name=vlan-for-eoip-clients vlan-id=12
add interface=bridge-for-caps name=vlan10 vlan-id=10
add interface=bridge-for-uplink name=vlan85 vlan-id=85
add interface=bridge-for-uplink name=vlan86 vlan-id=86
add bridge=bridge-for-caps bridge-horizon=3 \
client-to-client-forwarding=no local-forwarding=no name=datapath1 \
add bridge=bridge-for-eoip-clients bridge-horizon=none \
client-to-client-forwarding=no local-forwarding=no name=\
bridge VLANs - Should the "bridge-for-eoip-clients" have the "untagged=12"?
/interface bridge port
add bridge=bridge-for-uplink frame-types=admit-only-vlan-tagged interface=\
add bridge=bridge-for-eoip-clients edge=yes interface=\
/interface bridge vlan
add bridge=bridge-for-uplink tagged=bridge-for-uplink,bonding1 vlan-ids=\
add bridge=bridge-for-caps tagged=\
add bridge=bridge-for-eoip-clients untagged=12\